If I enable pfsync, there is a kind of mess with the state changes,
I get some packet loss, some packets from the established connection
are blocked, the state is lost.

I'm still investigating pfsync flows, but I welcome any clue if
somebody has already met this.

I have pfsync running on a Broadcom card (bge) which doesn't handle multicast in 3.5 -release, so on a tip from this list, I borrowed the driver from -current.


Even so, I'm still seeing exactly the kind of strangeness you're talking about. As soon as I shut down pfsync, states behaved as expected, without the random drops. So no clue to give you, just a "me too".

To effect an authenticating gateway, I'm using radix tables for adding/removing rules for authenticated users. Radix tables are another bug or omission in 3.5 -release/-stable. (See earlier posts as to why authpf is not an option in my application.)

Are radix table entries handled by pfsync in -current or 3.6? Is this "pfsync strangeness" a known bug in 3.5?

    thanks,
    jw
